Government News - Lock down those Citrix gateways!
Citrix Opens Security Holes in Military, Federal Web Sites
CITRIX: Owning the Legitimate Backdoor
Hacking CITRIX - the forceful way
Citrix Security Best Practices
The Internet is full of wide open CITRIX gateways. This is madness! The other day I was performing some CITRIX testing, so I had a lot of fun with hacking into GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well, just to make sure that the client is not affected by some obvious client-side vulnerabilities. This exercise led me to reevaluate a great many things about ICA (Independent Computing Architecture). When querying Google and Yahoo for public .ICA files, I was presented with tons of wide open services, some of which were located on .gov and .mil domains.
When available over the Internet, such configuration files offer a wealth of information to malicious hackers about the server operating environments of these gateways. Even more troublesome is how the researcher found that, using his own Citrix client software, he was able to access many of these remotely available applications without log-in access.
eWeek covered this problem and attributed the vulnerability less to Citrix’s software itself and more to sysadmin laxness in not properly managing port 1494, the port Citrix software usually uses to supply applications to end users. "Citrix is able to be secured, but that's like everything else in computing: the admin needs a brain," one security observer noted on a mailing list.
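For administrators who want to check their own web servers for the exposure described above, the following added example (not code from the article or from Citrix) walks a published directory tree, finds .ica files, and reports what each one discloses. The sample file is constructed, and the key names (Address, InitialProgram, Username, Domain, Password, ClearPassword) are assumed to follow the common INI-style ICA layout.

```python
import configparser
import os

# Constructed sample .ica file; the address is from the RFC 5737 documentation range.
SAMPLE_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Payroll=

[Payroll]
Address=192.0.2.10:1494
InitialProgram=#Payroll
TransportDriver=TCP/IP
Username=svc_payroll
Domain=CORP
ClearPassword=example-not-real
"""

# Assumption: credential key names as they commonly appear in ICA files.
CREDENTIAL_KEYS = ("username", "domain", "password", "clearpassword")

def audit_ica(text):
    """Return (section, finding) tuples describing what one .ica file discloses."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return [("", "not parseable as an ICA/INI file; review by hand")]
    findings = []
    for name in cp.sections():
        sec = cp[name]          # option names are lower-cased by configparser
        if "address" not in sec:
            continue            # [WFClient], [ApplicationServers] and similar
        host, _, port = sec["address"].partition(":")
        findings.append((name, f"discloses server {host} port {port or '1494'}"))
        if sec.get("initialprogram"):
            findings.append((name, f"discloses published application {sec['initialprogram']}"))
        findings += [(name, f"embeds {k} (value withheld)") for k in CREDENTIAL_KEYS if sec.get(k)]
    return findings

def audit_webroot(root):
    """Audit every .ica file under a directory tree that a web server publishes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(".ica"):
                with open(os.path.join(dirpath, fn), encoding="utf-8", errors="replace") as fh:
                    report[os.path.join(dirpath, fn)] = audit_ica(fh.read())
    return report
```

Any file that `audit_webroot` reports is a candidate for removal from the public document root or for placement behind authentication, and the hosts it names are the ones whose port 1494 exposure should be reviewed at the firewall.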